
Clickjacking & Cross-site Scripting Attacks

Explore the mechanics of clickjacking and cross-site scripting attacks, common web security threats that manipulate user interactions or execute malicious code. Understand how the X-Frame-Options header prevents unauthorized iframe embedding and how input sanitization stops malicious scripts from running. This lesson helps you grasp essential defenses for safeguarding web applications against these vulnerabilities.

Problem: your money gets stolen online… again!!

Imagine you receive an email containing a link. You click on it and it opens up to something like this:

Obviously, you’re going to click it. Everyone wants a new guitar! But as soon as you do, all your money from your bank gets stolen! What happened there?

A clickjacking attack! An attacker directed you to their website that had an embedded iframe to your banking website. The opacity of the iframe was cleverly set to zero. When you clicked on the attractive link, you ...
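The X-Frame-Options defense named in the lesson summary can be checked from a page's response headers. The following is an added example, not code from the lesson: it audits headers for a framing policy and goes slightly beyond the lesson by also reading the CSP `frame-ancestors` directive. The function names, sample paths and `partner.example` origin are assumptions made for illustration.

```javascript
// Added example, not from the lesson: decide whether a response may be framed.
function normaliseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim(); // header names are case-insensitive
  }
  return out;
}

// Return the source list of the CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function auditFraming(headers) {
  const h = normaliseHeaders(headers);
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const ancestors = frameAncestors(h['content-security-policy'] || '');
  if (ancestors !== null) {
    // Where frame-ancestors is present, supporting browsers apply it instead of X-Frame-Options.
    if (ancestors.includes('*')) return { safe: false, reason: 'frame-ancestors * allows any site to frame the page' };
    return { safe: true, reason: 'frame-ancestors limits framing to: ' + (ancestors.join(' ') || "'none'") };
  }
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return { safe: true, reason: 'X-Frame-Options: ' + xfo };
  if (xfo.startsWith('ALLOW-FROM')) return { safe: false, reason: 'ALLOW-FROM is obsolete; current browsers ignore it' };
  if (xfo) return { safe: false, reason: 'unrecognised X-Frame-Options value: ' + xfo };
  return { safe: false, reason: 'no framing policy, so any site can embed the page in an iframe' };
}

// Constructed sample responses (hypothetical bank pages, not real traffic).
const SAMPLES = {
  '/transfer (no headers)': { 'Content-Type': 'text/html' },
  '/transfer (XFO)': { 'x-frame-options': 'deny' },
  '/transfer (legacy)': { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  '/transfer (CSP)': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
};
for (const [label, headers] of Object.entries(SAMPLES)) {
  const { safe, reason } = auditFraming(headers);
  console.log(`${safe ? 'OK  ' : 'RISK'} ${label}: ${reason}`);
}
```

A response flagged `RISK` here is one that an invisible iframe, as in the scenario above, could embed.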